1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
<?php
declare(strict_types=1);
class Permission
{
private static $permissions = array(
'superadmin' => 1, // Can do everything
'baseconfig_global' => 2, // Change configuration globally
'baseconfig_local' => 4, // Change configuration for specifig groups/rooms
'translation' => 8, // Can edit translations
);
public static function get(string $permission): int
{
if (!isset(self::$permissions[$permission])) ErrorHandler::traceError('Invalid permission: ' . $permission);
return self::$permissions[$permission];
}
// TODO: Doc/Refactor
public static function addGlobalTags(?array &$array, ?int $locationid, array $disabled, ?string $noneAvailDisabled = null): void
{
if (Module::get('permissionmanager') === false)
return;
if ($array === null) {
$array = [];
}
$one = false;
foreach ($disabled as $perm) {
if (User::hasPermission($perm, $locationid)) {
$one = true;
continue;
}
if (strpos($perm, '.') === false) {
$array[$perm] = ['disabled' => 'disabled', 'readonly' => 'readonly'];
continue;
}
$temp =& $array;
foreach (explode('.', $perm) as $sub) {
if (empty($sub) || $sub === '*')
continue;
$temp =& $temp[$sub];
}
$temp = ['disabled' => 'disabled', 'readonly' => 'readonly', 'hidden' => 'hidden'];
}
if (!$one && !is_null($noneAvailDisabled)) {
$array[$noneAvailDisabled] = [
'disabled' => 'disabled',
'readonly' => 'readonly',
];
}
}
public static function moduleHasPermissions(string $moduleId): bool
{
if (Module::get('permissionmanager') === false)
return true;
return file_exists('modules/' . $moduleId . '/permissions/permissions.json');
}
/**
* Takes a list of locations, removes any locations from it where the user doesn't have permission,
* and then re-adds locations resulting from the given query. The given query should return only
* one column per row, which is a location id.
*/
public static function mergeWithDisallowed(array $passedLocations, string $permission, string $query, array $params): array
{
$allowed = User::getAllowedLocations($permission);
if (in_array(0, $allowed))
return $passedLocations;
$passedLocations = array_intersect($passedLocations, $allowed);
$oldSet = Database::queryColumnArray($query, $params);
$oldSet = array_diff($oldSet, $allowed);
if (!empty($oldSet)) {
$passedLocations = array_unique(array_merge($passedLocations, $oldSet));
}
return $passedLocations;
}
}
|
